8、关闭不必要开机自启动服务
chkconfig --list | grep 3:on #查看开机自启动服务
chkconfig 服务名称 off #关闭自动的服务
9、禁用root远程登录
[root@wulaoer ~]# vi /etc/ssh/sshd_config
PermitRootLogin no #禁止root通过SSH远程登录
PermitEmptyPasswords no #禁止空密码登录
UseDNS no #关闭DNS查询
10、添加普通用户并进行sudo授权管理
[root@wulaoer ~]# useradd user
[root@wulaoer ~]# echo "123456" | passwd --stdin user #设置密码("123456"仅为示例,实际环境应使用强密码;该命令会把明文密码留在shell历史记录中,建议直接执行passwd user交互式输入)
[root@wulaoer ~]# vi /etc/sudoers #或用visudo打开(visudo保存时会检查语法,更安全),为user用户添加所有sudo权限
root ALL=(ALL) ALL
user ALL=(ALL) ALL
11、清空防火墙并设置规则
[root@wulaoer ~]# iptables -F #清除防火墙规则
[root@wulaoer ~]# iptables -L #查看防火墙规则
[root@wulaoer ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT #允许通过的端口
[root@wulaoer ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@wulaoer ~]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@wulaoer ~]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@wulaoer ~]# iptables -A INPUT -p udp --dport 123 -j ACCEPT
[root@wulaoer ~]# iptables -A INPUT -p icmp -j ACCEPT
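[root@wulaoer ~]# iptables -P INPUT DROP #默认丢弃其余入站流量;以上规则未放行回环接口lo和已建立连接的回包,设置前应先补充 -i lo 与 --state ESTABLISHED,RELATED 的ACCEPT规则,否则本机发起的连接收不到响应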
[root@wulaoer ~]# /etc/init.d/iptables save #保存设置
12、关闭SELinux
[root@wulaoer ~]# vi /etc/selinux/config
SELINUX=disabled
[root@wulaoer ~]# setenforce 0 #临时生效
[root@wulaoer ~]# getenforce #查看selinux状态
13、主机名设置
[root@wulaoer ~]# vi /etc/sysconfig/network
HOSTNAME=wulaoer
[root@wulaoer ~]# hostname wulaoer #临时生效
14、禁止无用服务
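#!/bin/bash
# Stop a fixed list of SysV services and disable them at boot, using the
# `service` and `chkconfig` commands.
#
# Best-effort by design: a service that is not installed makes `service` or
# `chkconfig` print an error, and the script simply moves on to the next name.
#
# Fixes relative to the listing as published:
#   - the commands are one per line again (collapsed onto the shebang line,
#     everything after `#!` was a comment and nothing would have run);
#   - `service acpid off` used an action that init scripts do not define;
#     it is now `stop`, like every other entry;
#   - the stray trailing `|` is gone.
#
# NOTE(review): the list includes services with a security function. Confirm
# each of these is really unwanted on the host before running the script:
#   - auditd        : kernel audit logging; stopping it removes the audit trail
#   - ip6tables     : IPv6 packet filter; if IPv6 stays enabled on an
#                     interface, that traffic is then unfiltered
#   - psacct        : process accounting records
#   - restorecond, mcstrans, setroubleshoot : SELinux helper daemons
#   - ntpd          : time synchronisation, which log timestamps depend on
# httpd and ntpd are also stopped here although the firewall step earlier on
# the page accepts tcp/80 and udp/123; keep the two lists consistent.

services=(
  acpid atd auditd avahi-daemon avahi-dnsconfd bluetooth conman cpuspeed
  cups dnsmasq dund firstboot hidd httpd ibmasm ip6tables irda kdump
  lm_sensors mcstrans messagebus microcode_ctl netconsole netfs netplugd
  nfs nfslock nscd ntpd oddjobd pand pcscd portmap psacct rdisc
  restorecond rpcgssd rpcidmapd rpcsvcgssd saslauthd sendmail
  setroubleshoot smb vncserver winbind wpa_supplicant xfs ypbind
  yum-updatesd
)

# Pass 1: stop whatever is currently running.
for svc in "${services[@]}"; do
  service "$svc" stop
done

# Pass 2: remove the services from the boot-time runlevels so they stay off
# after a reboot.
for svc in "${services[@]}"; do
  chkconfig "$svc" off
done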